Cybersecurity and Healthcare

The NIST Cybersecurity Framework is aimed at protecting the nation’s data.

By Shelly Bangert

“We are building our lives around our wired and wireless networks. The question is, are we ready to work together to defend them?” This headline appears on the About Us page of the FBI website, which describes that agency’s efforts to investigate cyber-based terrorism, espionage and computer fraud. The text goes on to describe how the FBI combats cyber-crime and cyber-terrorism by gathering and sharing information with public institutions and private businesses worldwide.

Sharing information and best practices is a fundamental principle in the fight against cyber-crime and terrorism. In 2014, another federal government agency, the National Institute of Standards and Technology (NIST), issued a press release announcing Executive Order 13636, “Improving Critical Infrastructure Cybersecurity.” This 41-page document describes the Cybersecurity Framework for protecting 16 of our nation’s critical infrastructures, including banking, transportation, telecommunications and healthcare.

NIST is not a regulatory body. It is an agency of the Department of Commerce, and its mission is to “promote U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life.”

The NIST Cybersecurity Framework is a collaborative effort between public and private organizations, and its purpose is to provide a set of industry standards and best practices for managing cybersecurity risks.

At this point the Cybersecurity Framework is a voluntary program. The 16 critical infrastructure sectors—including healthcare—are expected to assess their own risks and implement their own best practices. By meeting the guidelines of the framework, organizations may be able to avoid additional federal regulation of cybersecurity.

The framework includes three primary components: Core, Tiers and Profiles. There are five Core functions for reducing cybersecurity risk: Identify, Protect, Detect, Respond and Recover. There are four Tiers of organizational engagement and preparation: Partial, Risk Informed, Repeatable and Adaptive. The Profiles describe the organization’s current state of cybersecurity activities. Each organization is responsible for addressing the Core functions, moving up the Tiers of engagement and developing its own Profiles of goals and outcomes.

The five Core principles describe how an organization should establish practices for 1) identifying its most critical intellectual property and assets, 2) developing and implementing procedures to protect them, 3) having resources in place to recognize a cybersecurity breach, 4) having procedures in place to respond to a breach, and 5) having procedures in place to recover from a breach when one occurs.

There are direct benefits for organizations that respond to the Cybersecurity Framework and implement its components. Proponents of the framework cite benefits such as collaboration, risk reduction, cost savings and improved internal practices.

Additionally, some proponents have observed a benefit related to the demonstration of due care. If, for example, an organization is victimized by hackers or terrorists, its directors may have to defend its security practices to insurance companies, consumers or litigants. Organizations that have implemented the Cybersecurity Framework will be able to demonstrate that they have taken due care to protect their information and assets. According to SEC Commissioner Luis Aguilar, the Cybersecurity Framework has been suggested as a potential baseline for “best practices by companies, including in assessing legal or regulatory exposure to these issues or for insurance purposes.”

The healthcare sector has benefitted greatly from technological improvements in telemedicine, remote diagnosis, record transfers and billing efficiencies, to cite just a few examples. Now it is time to defend the healthcare infrastructure against cyber-attacks from criminals and terrorists.


Shelly Bangert is director of revenue cycle management at Hawthorn Physician Services Corp. in St. Louis. Shelly can be reached at .
